Daniel Pietzsch

Using Let's Encrypt SSL certificates with HostEurope Webhosting products

HostEurope currently doesn’t offer automatic usage of Let’s Encrypt SSL certificates with their Webhosting products – and probably never will. But here’s how you can make it work and navigate HostEurope’s manual and not so straight forward process.

To host my own videos, I needed HTTPS/SSL support for the domain I serve the files from. Because otherwise Chrome (and probably quite a few other browsers or clients) wouldn’t serve them, since it refuses to serve “mixed content”, i.e. webpage resources from both HTTP-URL and HTTPS-URL sources. And since I still have large amounts of simple webspace with HostEurope, I chose to put that to good use for this scenario. Before long, I’ll probably automate the process somehow; and I guess that means moving to another hoster that does offer Let’s Encrypt integration.

Anyhow, you can upload your own certificate files for your various domains and subdomains via their “Kunden-Informations-System” (KIS). But I found this process to be not very customer-friendly or helpful when something went wrong. And their help pages were of no help either. So, I wanted to write down the necessary steps – mainly for own future self.

How to enable Let’s Encrypt certificates for HostEurope’s Webhosting products

So, here’s how to do it:

  1. Install certbot on your local machine. On macOS, I use homebrew: brew install certbot.
  2. Generate a new certificate locally for the domain you need it for: sudo certbot certonly --manual.1
  3. Follow the instructions. Afterwards one certificate file and one private key file will have been created.
  4. Copy the files to a desired location on your hard drive. (Optional)2
  5. Change the file extension of both files from .pem to .txt.3
  6. Make sure the permissions of both files allow reading: [sudo] chmod +r fullchain.txt privkey.txt.
  7. Navigate to the form in HostEurope’s KIS:
    1. “Webhosting” -> Hit “Configure” (“Konfigurieren” in German) for your webhosting product.
    2. “Security & SSL” (“Sicherheit & SSL”)
    3. “Manage SSL” (“SSL Administrieren”)
    4. Choose “Add” (“Hinzufügen”) or “Replace” (“Ersetzen”) for the relevant subdomain.
  8. “Certificat” file input: add your fullchain.txt file.
  9. “Key” file input: add your privkey.txt file.
  10. Hit “Send”.

In case something goes wrong without a proper error message and a page couldn’t be opened, please check your files. Make sure they contain only a single certificate string, and have the correct .txt file extension.

If the upload succeeds, you’ll get the appropriate confirmation message and your (sub)domain is now secured by a Let’s Encrypt SSL certificate and can be requested via HTTPS-links.

When you need to renew your certificate before it expires (after three months), go through the exact same process again.

Helpful links:

  1. WARNING: if you’ve done this before – maybe because you are renewing your certificates – the current version of certbot will prepend the certificate string to any previous ones in the fullchain.pem file. Make sure to edit the file afterwards to only contain the latest certificate (which should be the first in that file). Update: as far as I found out now, this is not true. Usually you use fullchain.pem file, which contains all intermediate certs necessary. See: https://certbot.eff.org/docs/using.html#where-are-my-certificates. 

  2. I’d like to put them somewhere logical, where I can find them again in the future, if I need to.) 

  3. This is important, because the upload form (see next steps) expect them this way – and which is not really documented or obvious.